Job Description:
IT Security Officer (ITSO)
In this role, you will help ensure that vulnerabilities and exposures across our environment are identified, validated, and remediated in a timely manner. You will work closely with system owners and report findings, helping to keep our risk posture visible and well-managed.
Job Scope
- Attack Surface Monitoring, Vulnerability Scanning, and Triage
  - Monitor and triage findings surfaced by our Attack Surface Management (ASM) and Vulnerability Management tools
  - Assess each finding for validity, severity, and exploitability before escalating or acting on it
  - Distinguish genuine exposures from false positives and contextualise findings against our asset inventory
  - Prioritise remediation efforts based on risk
- Remediation Workflow Management
  - Work with system owners to follow up on outstanding findings
  - Track remediation progress and ensure findings are resolved in a timely manner
  - Manage exceptions and risk acceptance where remediation is not immediately feasible
  - Communicate clearly with non-technical stakeholders, translating technical findings into actionable guidance
- Reporting & Insights
  - Consolidate vulnerability data and remediation metrics for reporting
  - Identify trends and surface systemic issues across the organisation's attack surface and internal asset landscape
  - Provide recommendations to improve our overall exposure management programme
- Process Improvement
  - Contribute to the refinement of ASM and vulnerability management processes, tooling configurations, and escalation playbooks over time
  - Support the development and maintenance of vulnerability management policies, standards, and procedures in alignment with industry best practices
Prerequisites
- Bachelor’s Degree in Computer Science/Information Security or equivalent
- Professional certifications, including GWEB, OSCP, CRISC, CISA or other relevant certifications will be preferred
- Preferably 5 years of experience in a relevant cybersecurity function, such as vulnerability management, attack surface management, security operations, or IT risk
- Strong understanding of cybersecurity concepts, particularly around vulnerability management, patch management, common vulnerability scoring frameworks (e.g. CVSS), and external-facing attack surface risks
- Familiarity with ASM or vulnerability management tools (such as Tenable, Qualys, Censys, or similar)
- Proficiency in programming languages such as Python will be advantageous
- Strong analytical and judgement skills, with the ability to think critically and make sound recommendations
- Good communication and interpersonal skills, with the ability to multitask, prioritise, and translate technical findings
- Meticulous, with a high degree of integrity, initiative, and energy